Authentication Bypass in D-Link DSL/DIR/DNS Devices Exposes DNS Configuration
CVE-2026-0625

9.3CRITICAL

Key Information:

Vendor

D-link
Status
Dsl-2640b
Dsl-2740r
Dsl-2780b
Dsl-526b
Vendor
CVE Published:
5 January 2026

What is CVE-2026-0625?

Multiple D-Link DSL, DIR, and DNS devices have vulnerabilities in the dnscfg.cgi endpoint, allowing unauthorized access to the DNS configuration. Attackers exploiting this vulnerability can modify DNS settings without valid credentials, potentially leading to DNS hijacking attacks similar to past threats associated with the GhostDNS malware. With reported exploitation efforts observed in late 2025 and the end-of-life status of these products, it is crucial for users to be aware of the associated risks and discontinue the use of affected devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DIR-600 0

DIR-608 0

DIR-610 0

References

https://supportannouncement.us.dlink.com/security/publica...
vendor-advisorymitigation
https://supportannouncement.us.dlink.com/announcement/pub...
vendor-advisory
https://supportannouncement.us.dlink.com/security/publica...
vendor-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

The Shadowserver Foundation
VulnCheck
JSON
.